60 apps Privacy
Jirafeau screenshot thumbnail

Jirafeau

Upload a file, get a unique download link and a separate delete link - Jirafeau has done exactly this one thing since 2008. It is plain PHP with no database, no mail server, no JavaScript framework, and no external dependencies - files and metadata live on the filesystem, which is why it runs on nearly anything and why it has outlasted most of its imitators. Uploads use the HTML5 file API, so PHP's post_max_size ceiling does not constrain file size, with live progress showing speed, percentage, and time remaining. Every upload takes options: expiration from one minute to a year to unlimited, self-destruct after first download, and password protection with configurable policy - passwords can be optional, required, or server-generated with complexity rules. Server-side encryption (modern builds use XChaCha20-Poly1305) stores files encrypted at rest with the decrypt key embedded only in the download URL, never on the server, so a compromised host cannot read the contents. Unencrypted deployments get file-level deduplication - identical files stored once with multiple links. Upload access can be gated by password lists or IP allowlists, a small admin panel manages stored files, and a CLI cleanup script handles expired files via cron. Recipients can preview supported files in-browser.

Deploy
Password Pusher screenshot thumbnail

Password Pusher

Credentials sitting forever in email threads and chat scrollback - Password Pusher solves that everyday security failure. Instead of pasting a password into Slack, you push it - a password, note, file, URL, or QR code - and share a unique one-time link that expires after a set number of views, a time limit, or both. Content is encrypted at rest with AES-GCM under a configurable master key, optionally guarded by a passphrase, and permanently deleted from the database the moment it expires; a retrieval-step option keeps URL-scanning bots from consuming views. Full audit logs record when each link was created and viewed (and by whom, with logins), and TOTP two-factor authentication can be required instance-wide. The delivery page is deliberately unbranded - no logos or confusing links for recipients - and the interface ships in 31 languages with light and dark themes. Automation runs through a JSON API (v2), an official CLI for pushing and expiring secrets from the terminal, a Chrome extension, and a catalog of third-party integrations. Apache-2.0 licensed Ruby on Rails, deployable via Docker, Kubernetes, or Helm, with SQLite or PostgreSQL storage - the sysadmin staple for sending credentials that clean up after themselves.

Deploy
Lenpaste screenshot thumbnail

Lenpaste

Share code snippets, logs, configs, and notes without registration, tracking, or ads: Lenpaste is a minimal, self-hosted, anonymous alternative to pastebin.com. It is deliberately spartan in the right ways: no accounts, no JavaScript required (the entire site works in text browsers and hardened setups), and cookies used solely to store display preferences. Pastes support syntax highlighting across a long list of languages (from ApacheConf and Arduino to mainstream stacks), configurable expiration from minutes to unlimited, one-use "burn after reading" pastes that self-delete on first view, optional author attribution, and iframe embedding for dropping pastes into other pages. The form-encoded HTTP API covers everything the UI does - create pastes with title, syntax, expiration, and line-ending normalization, fetch them by ID, and query server capabilities - making it trivial to pipe command output to your paste server from shell scripts. Server operators control maximum title and body lengths, maximum paste lifetime, rate limits for viewing and creation, search-engine indexing policy, and can lock private instances behind HTTP Basic authentication. It deploys as a single lightweight Docker container, giving your team a snippet-sharing endpoint where the content never touches a third-party service.

Deploy
BentoPDF screenshot thumbnail

BentoPDF

Merge, split, compress, convert, edit, annotate, redact, OCR, and sign PDFs - BentoPDF packs over 130 tools into a privacy-first toolkit that runs entirely in the browser through WebAssembly. Files are never uploaded - processing happens in browser memory on the user's machine and disappears when the tab closes, which makes the tool GDPR-clean by architecture and safe for financial, legal, and internal documents. The engine combines WASM builds of PyMuPDF, Ghostscript, and CoherentPDF; Tesseract handles OCR with searchable text-layer output; Office conversions cover Word, Excel, and PowerPoint; and digital signatures use X.509 certificates (PFX/PEM) with the private key staying on the client. Because there is no server-side processing, deployment is a static-file exercise: a single Docker container, or any static host. A dedicated self-hosted build strips the marketing pages while keeping every tool, and air-gapped deployments are first-class - an automated script bundles the WASM modules, OCR language data, and fonts for fully offline networks. No accounts, no limits, no watermarks; TypeScript and Vite under the hood.

Deploy
Matomo screenshot thumbnail

Matomo

Several EU data protection authorities have ruled Google Analytics deployments unlawful; Matomo (formerly Piwik) is the most complete open-source replacement - a full analytics platform with 30+ report types across visitors, actions, referrers, goals, and ecommerce. The self-hosted PHP/MySQL edition is free and keeps every byte of visitor data on your infrastructure, which matters more each year: several EU data protection authorities have ruled Google Analytics deployments unlawful, while Matomo configured for cookieless tracking is approved by France's CNIL for use without a consent banner. All reporting runs on 100% unsampled data - no extrapolation at high traffic volumes. The GDPR Manager handles data subject requests and deletion, with IP anonymization, retention controls, and Do Not Track support built in. A dedicated importer pulls your historical Google Analytics data so years of trends survive the migration. Core analytics cover campaigns, custom variables and dimensions, entry/exit pages, downloads, site search, and full ecommerce tracking with a comprehensive HTTP API for reporting and ingestion. Premium plugins extend the platform into Hotjar-class behavioral tooling - click and scroll heatmaps, session recordings, conversion funnels, form analytics, A/B testing - plus a tag manager and SAML SSO. For teams that need GA-equivalent depth with actual data ownership, Matomo is the realistic drop-in replacement.

Deploy
Umami screenshot thumbnail

Umami

No cookies, no fingerprinting, no cross-site tracking, no personal data collection - Umami's privacy contract is the foundation of the open-source web analytics platform. IP addresses are hashed rather than stored, which makes it GDPR, CCPA, and PECR compliant by default - the consent banner can come off the site entirely. The tracking script is under 2 KB, roughly 20x smaller than Google Analytics, so measurement stops being a page-weight tax. The dashboard covers the core metrics - pageviews, visitors, bounce rate, visit duration, referrers, browsers, devices, and countries - with any date range and filtering by country or device. Beyond pageviews, custom events track clicks, form submissions, and signups via a data attribute or one JavaScript call, and advanced reports add funnels, user journeys, retention and cohort analysis, goals, and automatic UTM campaign tracking. Anonymous session views show individual visitor activity without identifying anyone. Teams share websites with role-based access, one instance manages unlimited sites, and a full REST API exposes every metric programmatically. MIT-licensed and self-hosted on PostgreSQL or MySQL via Docker, your analytics data never leaves your infrastructure.

Deploy
Usermemos screenshot thumbnail

Usermemos

Memos, the lightweight open-source note service from the usememos project, packaged as a containerized deployment for multi-architecture Docker hosts (x86-64 and arm64): that is Usermemos. The model is frictionless capture: no folders or titles, just a chronological stream of Markdown notes with code blocks, task lists, tables, and file attachments, organized by #hashtags pulled automatically from the text. Per-memo visibility - private, protected for logged-in users, or public - lets a single instance serve as a personal journal, a shared team log, or a public microblog simultaneously. Multi-user support with authentication makes it workable for small teams, and full REST and gRPC APIs open capture and retrieval to CLIs, bots, and automation tools. The runtime is a single Go binary with a React frontend that idles around 50 MB of memory and stores content as plain Markdown in SQLite by default, with MySQL and PostgreSQL available for heavier deployments. Configuration happens through environment variables, access works over HTTP or HTTPS behind a reverse proxy, and there is no telemetry - notes stay on your server in a portable format.

Deploy
Gotify screenshot thumbnail

Gotify

Real-time alerts from your own infrastructure to your phone, with no Firebase, Pushover, or third-party push service in the path: Gotify is a simple, self-hosted notification server written in Go. The model is deliberately minimal: senders push messages with a single HTTP POST to the REST API, receivers subscribe over a WebSocket stream, and a clean React web UI manages the pieces. Senders are namespaced as "applications," each with its own token, so your backup script, Uptime Kuma, CI pipeline, and cron jobs each get an identity, an icon, and independently revocable credentials - centralized alerting from many services with per-source management. Messages carry a title, body, and priority level that maps to notification importance on the client. The official Android app (on both F-Droid and Google Play, notable for working entirely without Google Play Services) shows push notifications for new messages; the web UI itself supports Web Push in the browser; and gotify/cli pushes messages from shell scripts with one command. A server-side plugin system adds custom behavior, and the whole thing runs as a single small binary with SQLite by default - near-zero resource footprint. Because dozens of tools (and Apprise) speak Gotify natively, it slots in as the notification hub for an entire homelab or ops stack.

Deploy
Endurain screenshot thumbnail

Endurain

A personal Strava on your own server: Endurain is a self-hosted fitness platform that keeps your complete workout history, GPS routes, and health data out of a vendor's cloud. It ingests the standard device formats (.gpx, .tcx, and preferred .fit with full sensor data) via manual or bulk upload, and syncs directly with Strava and Garmin Connect so migrating years of history is straightforward - Garmin sync covers activities, gear, and body composition. The dashboard shows activity feeds with weekly and monthly statistics, routes on maps, and distance, speed, and training-volume trends over time, with definable goals that update automatically. Gear tracking is notably deep: log wetsuits, bicycles, shoes, racquets, skis, and snowboards, assign default gear per activity type, and track individual components like bike chains against replacement mileage. Multi-user support with admin and user roles, follower features, per-activity privacy settings, and configurable sign-up (email verification, admin approval) make it usable for clubs and coaches as well as individuals. Auth is serious for a fitness app: MFA TOTP, OIDC/SAML SSO, and email-based password resets via Apprise. The stack is Vue.js over a Python FastAPI backend with PostgreSQL, plus weight, steps, and sleep logging, imperial/metric units, multi-language support, and third-party app integration.

Deploy
It Tools screenshot thumbnail

It Tools

The utilities engineers otherwise scatter across a dozen ad-laden websites - 80+ of them - live together in IT-Tools, one fast, polished web app. Crypto covers JWT decoding, MD5 through SHA-512 hashing, HMAC and bcrypt generation, RSA key pairs, and password strength analysis. Converters handle JSON to CSV, YAML, and TOML, Base64 files, URL encoding, HTML entities, color formats, and Docker run commands to Compose files. Generators produce UUIDv4, ULID, BIP39 mnemonics, QR codes (including Wi-Fi QR), and tokens; text tools include a regex tester, diff viewer, slug and case converters; web utilities parse URLs and user agents, look up HTTP status codes and MIME types, and inspect Open Graph metadata; plus a cron parser, chmod calculator, and more. The privacy argument is the point: JWTs contain user IDs, hashes derive from passwords, JSON dumps hold PII - exactly the inputs you least want a third-party utility site to log. IT-Tools is a frontend-only static bundle (Vue/TypeScript, GPL-3.0, 39k+ GitHub stars) served by Nginx in one container, so everything runs client-side on your infrastructure with nothing transmitted anywhere. New tools ship roughly monthly, and a scaffolding script makes adding custom ones straightforward.

Deploy
Miniflux screenshot thumbnail

Miniflux

One statically-compiled Go binary over PostgreSQL, no ORM, no framework, static assets embedded in the executable: Miniflux is the minimalist, opinionated feed reader. The opinions are the feature: page layout, fonts, and colors are tuned for reading, and everything else is treated as noise. It consumes Atom, RSS, and JSON Feed formats with OPML import/export, organizes articles with categories and bookmarks, fetches original full-text content for summary-only feeds, and provides Postgres-powered full-text search. Privacy work happens automatically: pixel trackers are stripped, tracking parameters removed from URLs, a media proxy blocks third-party tracking, referrers are never forwarded, and there is zero telemetry. Navigation is keyboard-first - j/k through items, o to open, f to star - with touch gestures on mobile. Podcast, video, and music enclosures are supported, and YouTube videos play inline. Over 25 integrations save articles onward to Wallabag, Readwise Reader, Pinboard, Linkding, Instapaper, Notion, Telegram, Matrix, Ntfy, and more, plus webhooks and a REST API with Go and Python clients; the Google Reader API endpoint supports existing mobile reader apps. Authentication spans local passwords, passkeys (WebAuthn), Google OAuth2, OpenID Connect, and reverse-proxy headers. It is Apache 2.0 licensed, translated into 20 languages, and updates feeds on an internal scheduler.

Deploy
Joplin screenshot thumbnail

Joplin

Notes on Windows, macOS, Linux, Android, iOS, and the terminal, synced through your own server: Joplin pairs its open-source clients with Joplin Server, the official self-hosted backend that replaces Dropbox, OneDrive, or Nextcloud as the synchronization target. Notes are Markdown with inline attachments (images, PDFs, audio), organized into hierarchical notebooks and sub-notebooks with cross-cutting tags, alongside to-do lists with reminders and alarms. End-to-end encryption is the headline feature: enabled in the clients, it encrypts sync payloads on-device before upload, so the server stores blobs it cannot read - genuine protection even if the host is compromised. The desktop app offers both Rich Text and Markdown editors, extended by a plugin ecosystem, custom themes, and an Extension API for writing your own scripts; a Web Clipper for Chrome and Firefox captures full pages or screenshots straight into notebooks. Joplin Server ships as a Docker image with SQLite for evaluation and PostgreSQL for production, offers a filesystem storage driver for large content, and includes multi-user support and note sharing - all free under AGPL-3.0 when self-hosted. Notes stay in an open format, so the exit path always exists.

Deploy
Omni Tools screenshot thumbnail

Omni Tools

The ad-riddled "free online tools" sites people paste sensitive text into and upload confidential PDFs to - OmniTools replaces that whole ecosystem with one self-hosted app. It bundles 50+ utilities behind one clean React/TypeScript interface: image tools (resize, convert, crop, edit), video and audio tools (trim, reverse, convert), PDF tools (split, merge, edit), text and list utilities (case converters, formatters, shufflers), plus date/time, math, and data-format helpers for JSON, CSV, and XML. The architectural decision that makes it trustworthy is that all file processing happens entirely client-side in the browser - the server only serves static assets, and nothing you process ever leaves your device. That design has a pleasant side effect: the host needs almost no resources (people run it on a Raspberry Pi Zero), because your browser does the work while the server just delivers files. The Docker image is a remarkable 28 MB, making it one of the fastest apps to deploy and cheapest to keep running. There are no ads, no tracking, no accounts, and no upload limits. With multi-language support and an MIT license, it works equally well as a personal toolbox or a team-wide internal utility portal - one URL that replaces a bookmark folder full of questionable converters. Actively developed with 50 contributors and 9,500+ GitHub stars.

Deploy
KeeWeb screenshot thumbnail

KeeWeb

Your KeePass vaults, opened from any browser: KeeWeb reads, edits, and creates standard KDBX files, so it works with the same databases as KeePass and KeePassXC without conversion or lock-in. Self-hosting the web app gives you a password manager reachable from any modern browser, including mobile, with no client installation and no third-party cloud in the loop. All KDBX cryptography runs client-side; the server just serves the static app. Open multiple vault files simultaneously and search them all from one box, with advanced options covering specific fields, password history, and regular expressions. Vaults load from local files, your own server (WebDAV), or Dropbox, Google Drive, and OneDrive, with automatic sync - and files are cached for offline use, so a dropped connection never locks you out; changes resync once you're back online. Day-to-day niceties include a configurable password generator, protected fields that stay masked and are held in memory more defensively, entry history, tags with easy input, drag-and-drop attachments, and per-entry icons with favicon fetching. The optional KeeWeb Connect extension (Chrome, Firefox, Edge, Safari) autofills credentials using the keepassxc-protocol. MIT-licensed with matching desktop apps for macOS, Windows, and Linux.

Deploy
Ackee screenshot thumbnail

Ackee

Page views, referrers, browsers, and screen sizes - Ackee delivers the analytics developers actually check, from a deliberately minimal Node.js and MongoDB stack that skips both Matomo's weight and Google Analytics' cloud dependency. Its defining constraint is anonymization: no cookies, no unique user tracking, and a multi-step anonymization process that keeps visitors unidentifiable while the aggregate numbers stay useful. In its default anonymous mode Ackee collects no personally identifiable information at all, which means GDPR and CCPA compliance out of the box and no cookie consent banner on your sites. A detailed mode adds screen size, language, and per-visit referrers - still without cookies or fingerprinting. Integration mirrors the Google Analytics pattern: create a domain in settings, drop the generated ackee-tracker snippet into your pages, and data appears in a clean single-page dashboard. One instance tracks multiple domains, and custom events capture button clicks, signups, and conversions. The distinctive engineering choice is the fully documented GraphQL API: everything the dashboard shows comes from that API, so you can query active visitors, average duration, and view statistics programmatically, feed data in from apps and services beyond websites, or build an entirely custom interface on top. If you want bare-minimum analytics with a real API and zero privacy anxiety, this is the tool.

Deploy
Radicale screenshot thumbnail

Radicale

Calendars, to-do lists, journal entries, and contacts, synced over the open CalDAV and CardDAV standards nearly every client already speaks: Radicale is a small pure-Python server that works with Thunderbird, DAVx5 on Android, Apple Calendar and Contacts, GNOME, and many more. Its defining design choice is radical simplicity: there is no database. Events live as plain .ics files and contacts as .vcf files in an ordinary folder structure, which makes backup a copy command, migration a move, and disaster recovery a matter of reading text files. The server works out of the box with no complicated setup, then grows as needed: flexible authentication (htpasswd files among other methods), per-collection authorization rules, TLS-secured connections, and a plugin system for extending storage, auth, and rights handling. Built-in limits on parallel connections, file sizes, and failed authentication attempts harden it for network exposure behind a reverse proxy. A bundled web interface handles creating and managing calendars and address books - useful since many clients cannot create collections themselves. Maintained since 2011 with 140+ contributors, GPLv3-licensed, and light enough to run on the smallest VPS or a Raspberry Pi.

Deploy
Roundcube screenshot thumbnail

Roundcube

Two decades of continuous development made Roundcube the standard-bearer of open-source webmail - a PHP IMAP client that gives any mail server a polished, application-like interface in the browser. It connects to whatever IMAP/SMTP stack you run - Dovecot, Postfix, a hosted mailbox - and delivers the full desktop-client experience: drag-and-drop message management, threaded conversation views, full MIME and HTML mail handling, find-as-you-type address book with groups and LDAP connectors, multiple sender identities, full-text search, and spell checking in dozens of languages. The default Elastic skin is genuinely responsive, working as well on a phone as a desktop, and the entire UI is skinnable. The plugin API is where deployments get shaped: managesieve exposes server-side filter management in the UI, enigma brings PGP encryption and signing via GnuPG, markasjunk trains spam filters, zipdownload batches attachments, password lets users change credentials, and attachment_reminder catches the classic forgotten-attachment email - among hundreds of community plugins. Built-in caching keeps large mailboxes fast, IMAP ACLs and shared folders support team setups, and XSS protection is engineered into the rendering pipeline. It scales from a single personal mailbox to unlimited users, backed by MySQL, MariaDB, PostgreSQL, or SQLite. GPL-licensed with regular security releases.

Deploy
Whoogle screenshot thumbnail

Whoogle

Google's search results without Google's surveillance: Whoogle is a self-hosted proxy that strips the tracking and keeps the results. Your query goes from browser to your Whoogle instance, which fetches results from Google with a randomly generated User Agent and strips everything hostile before returning them: no ads or sponsored content, no third-party JavaScript or cookies, no AMP links, no URL tracking tags like utm_source, no referrer header - and Google sees your server's IP, never yours. Unlike metasearch engines that blend sources, Whoogle proxies Google exclusively, so result quality is exactly what you'd get logged out and incognito, minus the noise. A lightweight Flask app configured entirely through environment variables, it supports DuckDuckGo-style bang shortcuts, autocomplete suggestions, safe search, per-country and per-language filtering, site blocklists, and automatic rewriting of social links to privacy front-ends like Nitter and Invidious. Privacy hardening goes further: built-in Tor routing makes Google see an exit node instead of your server, HTTP/SOCKS proxy support covers other setups, and POST-based queries keep search terms out of logs. Light, dark, and fully custom CSS themes plus browser search-engine registration make it a drop-in default on desktop and mobile. Stateless, tiny, and trivial to run.

Deploy